I recently deployed Dual WAN P.C.C configuration at a local cable.network. The scenario is something like below . . .
USERS >> MIKROTIK PPPOE SERVER >>> MIKROTIK RB 750 PCC with 2 DSL Link>>> INTERNET
The problem they were facing of one particular Banking web site name bankalhabib.com , The best method to resolve such P.C.C issues is to use src-address as classifier, this way user WAN ip won’t be change and they will be stick to 1 wan for there session. But in above scenario I cant use src-address as users are not directly hitting PCC. So I made a workaround and exempted the user and in one case , the destination website from being processed by the P.C.C
The simple theory is to make a address with the user ip or the destination web site IP address. and then create an rule in mangle to exempt it from P.C.C, Then create a new default route in with your desired WAN selected , for that traffic which is exempted from P.C.C
Important: Move this rule above of other PCC rules, so it will accept the data before PCC catches it.
=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x
To Exempt Any User IP from PCC Rule,
/ip firewall address-list
add list=usere-exempted-from-pcc address=172.16.0.2/32
Now create Mangle Rule to accept traffic from above list, then PCC will not precess this user ip address , and Mikrotik will use the Default route for this user Traffic. (We will add it later)
Example:
/ip firewall mangle
add action=accept chain=prerouting disabled=no src-address-list=user-exempted-from-pcc
To Exempt Any Web Site from PCC, first track its IP Address (or pool), then add it in exempt list.
/ip firewall address-list
add list=site-exempted-from-pcc address=108.59.160.167/32
(108.59.160.167/32 is mywanip.com for test purpose)
Now create its mangle rule
/ip firewall mangle
add action=accept chain=prerouting disabled=no src-address-list=site-exempted-from-pcc
Adding Route for Un-Marked Traffic
You have to add Default ROUTE rule to tell Mikrotik to use this ROUTE as default route for all other UNMARKED traffic not processed / marked by the PCC. and in this route, you can bind exempted traffic request to always go through Specific Link only.
/ip route
add comment=”Default Route For Un-Marked Traffic” disabled=no distance=3 dst-address=0.0.0.0/0 gateway=101.11.11.36 scope=30 target-scope=10
(Change IP Address as per your network configuration)
=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x
kindly paste the script of mangle rule
Comment by cruise-bb — April 14, 2012 @ 1:01 PM
Yes I forgot to paste it from my test lab pc, please wait I will post it on Monday.
Comment by Syed Jahanzaib / Pinochio~:) — April 14, 2012 @ 2:18 PM
is there anther method for the NTH …???
Comment by Ahmed Elassal — April 15, 2012 @ 10:37 AM
i dont think so .
Comment by cruise-bb — April 16, 2012 @ 2:14 PM
Can’t say, NTH i sno longer used nowa days normally. PCC is more successful and reliable and highly customizable method
Comment by Syed Jahanzaib / Pinochio~:) — April 16, 2012 @ 4:01 PM
Thanks for theseThanks for these useful tips and articles. useful tips and articles.
Comment by Pooya — April 17, 2012 @ 8:26 PM
I am also facing problem in skype. Kindly tell me how to overcome that issue.
Comment by Muhammad Fawad — April 23, 2012 @ 3:34 PM
hmmm, try to pinpoint SKYPE IP pool, then mark this pool, and dedicate any wan for it.
Comment by Syed Jahanzaib / Pinochio~:) — April 25, 2012 @ 10:57 AM
i am also having same issue with skype and garena users ….
all i want to know is how can i forward udp port of garena to wan 4….
i am using pcc load balancing mikrotik version 3.6 with hotspot.
is there any method to clasify upd connections so that i can clasify udp port and forward all trafric to wan 4.
and block all other ports for wan 4.
Comment by billy — May 6, 2012 @ 4:50 PM
Asalam o Alikum Jahanzaib bhai,,
i wonder if it is effected on older version lyk v3???
Jazaak`Allah and keep up the great work…
Comment by ZJ — June 22, 2012 @ 1:51 AM
Jahanzaib bhai, i`ve got a problem.. when i configure my route for unmarked traffic with distance 3, it doesn`t get active.. it only show active when i change its distance from 3 to 1, what could b possible reason for this.. please guide me… and beside that,, my traffic is not even transferring from that route completely as well.. please guide me as you always do..
Jazaak`Allah!!
Comment by ZJ — June 25, 2012 @ 1:39 PM
Sir..where r you
(
Comment by ZJ — July 4, 2012 @ 7:05 PM
Hello Dear
Thanks for the nice and helpful information.
Is there anyone, who can help me to know how I can shape the bandwidth of my user while they only use internet? While they use intranet my mikrotik shapping that bw also.
Comment by Halimul Alam — August 7, 2012 @ 6:51 PM
are you using hotspot ?
Comment by Syed Jahanzaib / Pinochio~:) — August 8, 2012 @ 7:52 AM
No I am not using HotSpot. For your kind information, if you need my network diagram please go to http://forum.mikrotik.com/viewtopic.php?f=13&t=64360.
There I have posted my topics.
Thanks for your early response.
Comment by halimul ALAM — August 8, 2012 @ 7:59 AM
Respected Sir,
I am using 2 evo devices in my load balancer. I am getting issue regarding skype. Is there any way to solve this issue.
Thank you.
Muhammad Fawad
Comment by Muhammad Fawad — November 28, 2012 @ 6:03 PM
how can i move this rule above the pcc rules
Comment by waqar — December 3, 2012 @ 5:59 PM
To Exempt Any User IP from PCC Rule is not working. I am using your script. Please guide me.
Comment by waqar — December 4, 2012 @ 3:57 PM
thanks for your articles. They are helpful.
I have followed this guide to exclude a range of IP balancing public, but there is no way that I work.
I still balanced out. The rule is the principle of all the rules.
Comment by Ariel — May 16, 2013 @ 4:11 PM